package com.filter;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.utils.ResourceUtil;

public class AuthFilter implements Filter {

	public void destroy() {

	}
    private String redirectURL = null;

    private List<String> notCheckURLList = new ArrayList<String>();

    private String sessionKey = null;
	public void doFilter(ServletRequest servletRequest,
			ServletResponse servletResponse, FilterChain filterChain)
			throws IOException, ServletException {// 1,doFilter方法的第一个参数为ServletRequest对象。此对象给过滤器提供了对进入的信息（包括表单数据、cookie和HTTP请求头）的完全访问。第二个参数为ServletResponse，通常在简单的过滤器中忽略此参数。最后一个参数为FilterChain，此参数用来调用servlet或JSP页。

		HttpServletRequest request = (HttpServletRequest) servletRequest;// ;//如果处理HTTP请求，并且需要访问诸如getHeader或getCookies等在ServletRequest中无法得到的方法，就要把此request对象构造成HttpServletRequest
		HttpServletResponse response = (HttpServletResponse) servletResponse;

		HttpSession session = request.getSession(false);
        if (sessionKey == null) {
            filterChain.doFilter(request, response);
            return;
        }
		// 判断当前页是否是重定向以后的登录页面页面，如果是就不做session的判断，防止出现死循环
		if(!checkRequestURIIntNotFilterList(request)){
			if (session == null || session.getAttribute("sessionInfo") == null) {// *用户登录以后需手动添加session
				response.sendRedirect(request.getContextPath() + redirectURL);// 如果session为空表示用户没有登录就重定向到login.jsp页面
				return;
			}
		}
		// 加入filter链继续向下执行
		filterChain.doFilter(request, response);// .调用FilterChain对象的doFilter方法。Filter接口的doFilter方法取一个FilterChain对象作为它的一个参数。在调用此对象的doFilter方法时，激活下一个相关的过滤器。如果没有另一个过滤器与servlet或JSP页面关联，则servlet或JSP页面被激活。

	}
	 //判断哪些jsp不要验证
    private boolean checkRequestURIIntNotFilterList(HttpServletRequest request) {
    	 String uri = request.getServletPath() + (request.getPathInfo() == null ? "" : request.getPathInfo());   
    	return notCheckURLList.contains(uri);
    	
    }

	public void init(FilterConfig filterConfig) throws ServletException {
		 
	        redirectURL = filterConfig.getInitParameter("redirectURL");
	        sessionKey = ResourceUtil.getSessionInfoName();
	        String notCheckURLListStr = filterConfig.getInitParameter("notCheckURLList");
	        if (notCheckURLListStr != null) {
	            StringTokenizer st = new StringTokenizer(notCheckURLListStr, ",");
	            notCheckURLList.clear();
	            while (st.hasMoreTokens()) {
	                notCheckURLList.add(st.nextToken());
	            }
	        }
	}
}